Sunday, February 10, 2008

Zimbra Book

My review of:

"Zimbra: Implement, Administer, Manage" by Marty Resnick

  • ISBN-10: 1847192084
  • ISBN-13: 978-1847192080

Availabe from Amazon at: http://www.amazon.com/Zimbra-Implement-Administer-Marty-Resnick/dp/1847192084/

Summary: This is currently the only book on Zimbra. It's not bad and is certainly better than nothing. It raises things you might overlook when starting your Zimbra implementation and sets you up to ask the more difficult questions, though it doesn't answer them. Instead it answers the basic questions so that you can get up and running quickly. It's a good book to get you started quickly, but can't be your only reference.


Details:

My organization is evaluating Zimbra so I just spent the weekend reading this book cover to cover. It wasn't too difficult since it's about 200 pages and when you've gotten the general idea you don't need to read every word. E.g. just about every step starts with becoming root or the zimbra user with su and also covers details on using vi: "type 'i' to insert text". To me this is obvious and could have been trimmed. I suspect he's talking down to people who are new to running servers and doesn't want to leave them out, but perhaps a simple reference in the preface could have cut having to hear about this for every how to. Also, there are a lot of screen shots (which are great but take up space when counting pages) and some irrelevant sections. E.g. if you're installing Zimbra on RedHat, SUSE and Mac OS X you might actually read all of chapter 2. However, this doesn't need to be cut since the new deployer will probably choose one of the three example systems.

The point is; not all 200 pages are content thick. At the same time, the book could have been longer to cover things in more detail. That said it was easy to read and I know more about Zimbra than when I started so I'm still happy with it. Besides, what other Zimbra book are you going to read?

I've read some guides that try to set up a system in a more difficult configuration. E.g. "The NetBSD operating system" by Federico Lupi is a succinct introduction to Unix and he configures his example system the hard way, just to make it more instructive. E.g. he partitions the hard drive using sectors, not megabytes just to make it more instructive. This book does the opposite. There are plenty of times when he brings up a certain feature to let you know it exists and then fails to tell you how you might use it. E.g. Chapter 3, Administering Zimbra lists the attributes for a Class of Service (COS) and when it gets to Server Pool says: "...does not apply to us, as we are only using one server for Zimbra. So we could skip this tab". I quote the "So we could skip" part to give you a sense of the book's style; a little chatty. We all could have done without that sentence. This omission hit home for me since I'm particularly interested in the Server Pool feature because I want to define a class of servers to handle a class of users. E.g. all faculty get their mail on system X while all students get their mail on system Y, but both have the same domain name. Luckily this is explained in the Zimbra documentation's Multiple Server Installation so it's not that how this is done is unknown. Also, I knew I wanted to use multiple servers for a single domain, but I didn't know about Zimbra's COS term until I read this book so the book deserves credit. Here's an example of where it introduced me to something so that I'd ask question. The book didn't answer the question, but at least it inspired me to ask and made it easier for me to find the answer on my own since it introduced the terminology that other Zimbra admins will use. Also, I think this book is trying to help the new admin get a server up quickly and doing things the hard way may for teaching purposes not appeal to a majority of this book's audience. At the same time, I'd expect a book on a scalable mail server to cover how to scale the mail system.

I'll spend the rest of this review listing questions that it raised that I recommend the reader try to answer. I'll also hint as some things which you might not know about Zimbra unless you read this book.


Even More Details: (now I'm getting knit picky)

Chapter 2: Installing Zimbra

Configuring DNS, step 6, mentions creating a CNAME "which will create an alias of the server that we will use for our mail server". Aside from this being an awkward way to put it, the screen showing this contains no CNAME.

Chapter 3: Administering Zimbra

Class of Service (COS), step 7, mentions Server Pool but doesn't really explain why you might take advantage of it or how it works.

Creating a Distribution List never talks about security. For now I assume that anyone can post to a distribution list, but if I could limit Distribution List posters to users within a certain COS that would be very handy.

The zmcontrol and zmprov commands seem great. I wonder if there are more features to them.

Chapter 4: The Zimbra Web Client

Note the distinction between Contacts, the Personal and Shared Contacts and the Global Address List.

Tags are very handy and I wouldn't have taken advantage of them without this book. He makes a good case for them by showing two completely unrelated messages related by content only and saying "in our minds, we want to be able to group those messages together".

The sharing for all kinds of Zimbra objects (messages, calendars, contacts, documents) is nicely explained. The system is well designed in that it probably uses the same core object permission system. The documents are less well known. It's a page of HTML that allows me to provide notes along with a hypertext link to documents. Nicer than just a file manager view. The Zimbra Assistant is also a great feature I might have otherwise overlooked.

Chapter 5: Securing Zimbra

There's a little bit of a cop out because he decides that our example is not supporting IMAP or POP, just MAPI, Web and Mobile. That said I guess I'd choose the last three since the first two are obvious, but why should we have to cut any? As a result he doesn't talk much about IMAPs. He also doesn't talk directly about secure MAPI, though it is supported since the MAPI client really translates to a web service which can use HTTPS.

He does mention that the "MTA has built-in security and verification, so that it is a closed relay to be used by authenticated users only". However, there's no mention of which ports this runs on (25?, 587?).

Under Host-Based Firewall he lists six ports to leave open but never says what services they provide. You'd want to know this if you're supporting services on them.

  • 3930 not listed in wiki, syam-webserver?
  • 7025 LMTP (note that he never mentions what LMTP is)
  • 5800 not listed in wiki, vnc-http?
  • 5900 not listed in wiki, vnc?
  • 3895 not listed in wiki, syam-smc?
  • 3894 not listed in wiki, syam-agent?
I'm left guessing based on standard definitions of these ports and they don't seem to be Zimbra related. At least they weren't listed on the Zimbra wiki: http://wiki.zimbra.com/index.php?title=Ports

His mention of making sure /opt has 5G free before upgrading is handy.

Chapter 6: Customizing Zimbra

The POP accounts section in this chapter is not Zimbra's POP service. It's about using the web client to POP from another POP server. It stores the other account's POP credentials so that you can read that mail with a single sign on to the Zimbra web client. I wonder if it stores the credentials in plain text. That aside I can now go to one place to read my work and personal mail if I POP my gmail to the Zimbra web client. Since the web client is powerful enough that you can actually learn it better with short cuts it might be efficient to get used to one interface. The keyboard Shortcuts are great. I'm glad he takes time to explain how to set up your own short cuts to save time. E.g. I can type "v 6" to view all mail in a folder about a topic and then type ". 6" to move all highlighted messages into that folder. The "Group mail by" feature supports a threaded inbox and the "show fragments in conversation" to show more than the subject allows Zimbra to feel even more like gmail.

The Search Builder feature is cool. I like that it shows users a search string which defines the search formally and succinctly in an effort to train them to use the search better. E.g. (attachment:any from: (The Boss) is:anywhere before:3/1/2007) is a saved search and if you understand it you can vary it more quickly than if you just used the search builder view. It's nice that these saved searches can be executed three ways (Advanced Search, Navigation Pane, Shortcut).

The "Enable address for new mail notifications" feature is interesting. It let's the user supply an email address which gets notified when email arrives for another account, without forwarding the message content. This let's you wear multiple hats efficiently. Suppose there's a generic account like help@ but the person responsible for it doesn't want to leave it open all day. This gets more interesting when you add Zimbra Identities since that person could then hop into the other identity without logging out to read and reply to the message. In that context a different signature and reply-to is used for the generic account. The security of this is based on COS. So not anyone with an account could do this, but you'd have to define the COS carefully to prevent this. You can duplicate a default COS to a new COS to inherent features but this sounds like it would introduce data anomalies. It would be better if COS's could be inherited. I'm not sure I want to introduce all of this feature to my users since I didn't intend to COS on a departmental level.

Chapter 7: Zimbra and Outlook

The import wizard seems great. I love the ignore previously imported items feature. Note the migrate private appointments warning since they'll then become public, though this should be fixed by Zimbra5.5. The ZCO's address book integration with LDAP and the GAL is nice and it's nice that Zimbra supports meeting invitations too. Like Exchange Zimbra also supports sharing Outlook folders (contacts and calendars) and delegating access to other users.

Chapter 8: Zimbra on the Road

Zimbra purposely choose to mimic how Exchange interacts with smart phones so any Exchange compatible smart phone will work with Zimbra too. This section of the book covers how to enable Zimbra mobile but doesn't explain how it works. A system diagram in Chapter 1 shows an "Over the Air" Sync to a Protocol Gateway which runs on top of ZCS, on top of Tomcat, but doesn't really explain how it works. He also says that Zimbra Mobile requires an additional licence but doesn't explain how to configure it. I'm left guessing that it will be in the licence XML file. He then explains configuring a Windows Mobile and Palm device to use Zimbra Mobile. I'm sure it works like magic, but I'd at least like a high level explanation.

Chapter 9: The World of Zimlets

It's like adsense for you, not the advertiser. These things read your mail and then try to help. E.g. addresses become hyperlinks which turn into maps when hovered over. Or dates and times become hyperlinks which show your calendar when hovered over. These simple examples show how useful Zimlets are. He explains how to add Zimlets via the command line and after editing an XML file he has you reload it with zmzimletctl. He didn't explain how the command knew which Zimlet to update since he didn't provide the name in the command. I guess the XML file contains that information but I would have guessed that the user would want to know. Also he then suggests that you restart tomact but doesn't explain the user impact. I imagine that all users would have a short interruption in service if you did this. I wonder if anyone's written and an adsense Zimlet for those looking to boost revenue.

Chapter 10: Backup and Restore

By default Zimbra automatically does full backups (including LDAP) weekly and incremental backups (user data diffs) nightly and it retains data for one month. Almost idiot proof. zmbackup and zmrestore along with zmschedulebakup seem like handy commands. The book suggests backing up to a separate server but doesn't show how this is done. Saving the backup in the default /opt/zimbra/backup/ won't work for me. I imagine I'll find a way around it, but it would be nice if it was in the book. The examples for restoring individual accounts are useful.

Chapter 11: Keeping an Eye on Zimbra

He motivates discussing monitoring to maximize availability, scalability and security. I agree that you'll need to know "zmcontrol status" and "zmcontrol start $service" but I have a feeling like the availability talk would need something more than just that. While talking about scalability he mentions using Message Volume and Disk monitors. So, if I know the aggregate size in MB of all the messages received and sent by the server per hour and per day (Message Volume) as well as how much disk space is available per hour (Disk Usage) then I can predict how to scale my system? I guess, but I think I'd need to know some other things as well.

The mail queues section is handy. It has a slight typo suggesting that I use the flush queue button on the right. It's in the screen shot on the left. Perhaps there were updates and the screenshot person got out of sync. I didn't find the explanation of when to flush the queue to be as good as it could be: "when a bottleneck is created from the server experiencing too many errors sending out too many messages and therefore no messages are being sent out from the server".

The log files guide is a good start:

/var/log/zimbra.log         :: if a service is stopped
/opt/zimbra/log/audit.log   :: security and authentication
/opt/zimbra/log/mailbox.log :: mailbox activity 
Overall I agree with the author; you have to do the things in Chapter 11, but I feel there's more to it than that. How about how to setup Zimbra with Cacti or Zenoss? How about at least mentioning SNMP? How about listing all the log files for the current version after emphasizing the most popular three?

The End:

This book slowly makes the case that Zimbra seems to come very close to doing what Exchange can do. Perhaps even closer than other any other product. It also has the benefit of being cheaper, easier to administer, more extensible and more reliable. Of course it's also Open Source software with a few proprietary add-ons to keep your users with an Exchange background happy. I can imagine some organizations just using the Open Source version and doing very well. Don't let anything I say that might seem critical of the book taint your view on Zimbra.

And don't get me wrong: I'm grateful for this book. If you're considering deploying Zimbra buy it. Even if you read it quickly it will tell you everything you need to know to get started. It will help you better understand the online documentation which you will still have to read.

No comments: